Here is my understanding of how Coldfusion implements session tracking and session variables. Please correct me if I am wrong.
When a user goes to any Coldfusion page, if the Cookies or URL variables CFID and CFTOKEN do NOT exist, then this is a new session. A CFID and CFTOKEN are generated and saved to the user's browser and in the variables Cookie.CFID and Cookie.CFTOKEN. The pair is also stored somewhere (where?) for tracking the session on subsequent requests. A new empty Session structure is created for this session (in RAM). If a user goes to a Coldfusion page and the Cookies or URL variables CFID and CFTOKEN already exist, then this is a returning user. The CFID and CFTOKEN are looked up somewhere (where?). If they do not match then this is a hacking attempt or a stale URL and they are thrown out. If they match, but the session has timed out then they are also thrown out and a new empty Session structure is created in RAM, I am not sure if a new different CFID and CFTOKEN are generated or the old one is reused. If the CFID and CFTOKEN matched and the session has NOT timed out, then the matching Session variables are loaded into the Session structure for the current request to have access to the Session. On each page any changes made to the Session variables are saved in RAM with the Session keyed by the CFID and CFTOKEN. Also on each page, the current session "last time accessed" is updated for the purposes of timing out the session. So, my question is: how do I access these "invisible" data structures? Can I list all of the current sessions (ie: all of the current valid CFID/CFTOKEN pairs, and their data structures)? Can I see the "last time access" of a session? Of course the "last time accessed" of the current session is, by definition, always right now. Somehow I need to figure out WHY sessions are disappearing! -Peter At 12:46 PM 7/29/2003 -0400, Peter Theobald wrote: >I am having a problem with Coldfusion sessions timing out too early. >The session timeout in the cfapplication is set to 2 hours. >The CF Administrator is set to a default of 20 minutes and a maximum of 2 hours. > >Users randomly get timed out in as little as 15 minutes or as much as the full 2 >hours. These timeouts are 15 minutes FROM WHEN THE SESSION STARTED, not 15 minutes of >idle time since the last page load. >The user can be clicking like crazy and BAM the session is gone. > >I set my browser to 'prompt' all cookies, and I am getting a CFID and CFTOKEN with an >expiration date many years in the future. When I close my browser, they get written >to cookies.txt so I don't think there is a problem with the CFID/CFTOKEN session >tracking cookies. > >For some reason the Coldfusion server (CF5) is expiring the session or forgetting it. >This is on a shared server, so I suspected the server was being reset. But I tested >four computers running sessions and they timed out at different times. If the server >was being reset they would have all lost their sessions at the same time. > >Is there any way I can view the current in-memory database of CFID/CFTOKEN sessions? >Can I write code to dump the values to a page so I can see what is really going on? >(please don't say to view the #session# structure because when the session times out >the #session# structure is lost completely.) > > >-Peter > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
